上传示例 (Amazon Signature Version 2) - Amazon Simple Storage Service
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

上传示例 (Amazon Signature Version 2)

注意

本节中讨论的请求身份验证基于 Amazon Signature Version 2,这是一种对 Amazon 服务的入站 API 请求进行身份验证的协议。

Amazon S3 现在在所有 Amazon Web Services 区域 支持 Signature Version 4,后者是一种用于对 Amazon 服务入站 API 请求进行身份验证的协议。目前,于 2014 年 1 月 30 日前创建的 Amazon Web Services 区域 将继续支持之前的协议:Signature Version 2。于 2014 年 1 月 30 日后创建的所有新区域将只支持 Signature Version 4,因此,发往这些区域的所有请求都必须采用 Signature Version 4。有关更多信息,请参阅《Amazon Simple Storage Service API 参考》中的示例:使用 HTTP POST 的基于浏览器的上传(使用 Amazon Signature Version 4)

文件上传

此示例演示构造用于上传文件附件的策略和表单的完整过程。

策略和表单构建

以下策略支持针对 awsexamplebucket1 存储桶上传到 Amazon S3。

{ "expiration": "2007-12-01T12:00:00.000Z", "conditions": [ {"bucket": "awsexamplebucket1"}, ["starts-with", "$key", "user/eric/"], {"acl": "public-read"}, {"success_action_redirect": "https://awsexamplebucket1.s3.us-west-1.amazonaws.com/successful_upload.html"}, ["starts-with", "$Content-Type", "image/"], {"x-amz-meta-uuid": "14365123651274"}, ["starts-with", "$x-amz-meta-tag", ""] ] }

此策略要求以下内容:

  • 上传必须在 2007 年 12 月 1 日 12:00 UTC 之前进行。

  • 内容必须上传到 awsexamplebucket1 存储桶。

  • 键必须以“user/eric/”开头。

  • ACL 必须设置为公共读取。

  • success_action_redirect 设置为 https://awsexamplebucket1.s3.us-west-1.amazonaws.com/successful_upload.html。

  • 对象是一个图像文件。

  • x-amz-meta-uuid 标签必须设置为 14365123651274。

  • x-amz-meta-tag 可以包含任意值。

下面是此策略的 Base64 编码版本。

eyAiZXhwaXJhdGlvbiI6ICIyMDA3LTEyLTAxVDEyOjAwOjAwLjAwMFoiLAogICJjb25kaXRpb25zIjogWwogICAgeyJidWNrZXQiOiAiam9obnNtaXRoIn0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci9lcmljLyJdLAogICAgeyJhY2wiOiAicHVibGljLXJlYWQifSwKICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL2pvaG5zbWl0aC5zMy5hbWF6b25hd3MuY29tL3N1Y2Nlc3NmdWxfdXBsb2FkLmh0bWwifSwKICAgIFsic3RhcnRzLXdpdGgiLCAiJENvbnRlbnQtVHlwZSIsICJpbWFnZS8iXSwKICAgIHsieC1hbXotbWV0YS11dWlkIjogIjE0MzY1MTIzNjUxMjc0In0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiR4LWFtei1tZXRhLXRhZyIsICIiXQogIF0KfQo=

使用您的凭证创建签名,例如 0RavWzkygo6QX9caELEqKi9kDbU= 是先前的策略文档的签名。

以下表单支持针对使用此策略的 DOC-EXAMPLE-BUCKET 桶提出的 POST 请求。

<html> <head> ... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> ... </head> <body> ... <form action="https://DOC-EXAMPLE-BUCKET.s3.us-west-1.amazonaws.com/" method="post" enctype="multipart/form-data"> Key to upload: <input type="input" name="key" value="user/eric/" /><br /> <input type="hidden" name="acl" value="public-read" /> <input type="hidden" name="success_action_redirect" value="https://awsexamplebucket1.s3.us-west-1.amazonaws.com/successful_upload.html" /> Content-Type: <input type="input" name="Content-Type" value="image/jpeg" /><br /> <input type="hidden" name="x-amz-meta-uuid" value="14365123651274" /> Tags for File: <input type="input" name="x-amz-meta-tag" value="" /><br /> <input type="hidden" name="AWSAccessKeyId" value="AKIAIOSFODNN7EXAMPLE" /> <input type="hidden" name="Policy" value="POLICY" /> <input type="hidden" name="Signature" value="SIGNATURE" /> File: <input type="file" name="file" /> <br /> <!-- The elements after this will be ignored --> <input type="submit" name="submit" value="Upload to Amazon S3" /> </form> ... </html>

示例请求

此请求假设上传的图像为 117,108 字节;不包括图像数据。

POST / HTTP/1.1 Host: awsexamplebucket1.s3.us-west-1.amazonaws.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.10) Gecko/20071115 Firefox/2.0.0.10 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Content-Type: multipart/form-data; boundary=9431149156168 Content-Length: 118698 --9431149156168 Content-Disposition: form-data; name="key" user/eric/MyPicture.jpg --9431149156168 Content-Disposition: form-data; name="acl" public-read --9431149156168 Content-Disposition: form-data; name="success_action_redirect" https://awsexamplebucket1.s3.us-west-1.amazonaws.com/successful_upload.html --9431149156168 Content-Disposition: form-data; name="Content-Type" image/jpeg --9431149156168 Content-Disposition: form-data; name="x-amz-meta-uuid" 14365123651274 --9431149156168 Content-Disposition: form-data; name="x-amz-meta-tag" Some,Tag,For,Picture --9431149156168 Content-Disposition: form-data; name="AWSAccessKeyId" AKIAIOSFODNN7EXAMPLE --9431149156168 Content-Disposition: form-data; name="Policy" eyAiZXhwaXJhdGlvbiI6ICIyMDA3LTEyLTAxVDEyOjAwOjAwLjAwMFoiLAogICJjb25kaXRpb25zIjogWwogICAgeyJidWNrZXQiOiAiam9obnNtaXRoIn0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci9lcmljLyJdLAogICAgeyJhY2wiOiAicHVibGljLXJlYWQifSwKICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL2pvaG5zbWl0aC5zMy5hbWF6b25hd3MuY29tL3N1Y2Nlc3NmdWxfdXBsb2FkLmh0bWwifSwKICAgIFsic3RhcnRzLXdpdGgiLCAiJENvbnRlbnQtVHlwZSIsICJpbWFnZS8iXSwKICAgIHsieC1hbXotbWV0YS11dWlkIjogIjE0MzY1MTIzNjUxMjc0In0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiR4LWFtei1tZXRhLXRhZyIsICIiXQogIF0KfQo= --9431149156168 Content-Disposition: form-data; name="Signature" 0RavWzkygo6QX9caELEqKi9kDbU= --9431149156168 Content-Disposition: form-data; name="file"; filename="MyFilename.jpg" Content-Type: image/jpeg ...file content... --9431149156168 Content-Disposition: form-data; name="submit" Upload to Amazon S3 --9431149156168--

示例响应

HTTP/1.1 303 Redirect x-amz-request-id: 1AEE782442F35865 x-amz-id-2: cxzFLJRatFHy+NGtaDFRR8YvI9BHmgLxjvJzNiGGICARZ/mVXHj7T+qQKhdpzHFh Content-Type: application/xml Date: Wed, 14 Nov 2007 21:21:33 GMT Connection: close Location: https://awsexamplebucket1.s3.us-west-1.amazonaws.com/successful_upload.html?bucket=awsexamplebucket1&key=user/eric/MyPicture.jpg&etag=&quot;39d459dfbc0faabbb5e179358dfb94c3&quot; Server: AmazonS3

文本区域上传

以下示例演示构造策略和表单以上传文本区域的完整过程。上传文本区域对于提交用户创建的内容 (如博客文章) 十分有用。

策略和表单构建

以下策略支持针对 awsexamplebucket1 存储桶将文本区域上传到 Amazon S3。

{ "expiration": "2007-12-01T12:00:00.000Z", "conditions": [ {"bucket": "awsexamplebucket1"}, ["starts-with", "$key", "user/eric/"], {"acl": "public-read"}, {"success_action_redirect": "https://awsexamplebucket1.s3.us-west-1.amazonaws.com/new_post.html"}, ["eq", "$Content-Type", "text/html"], {"x-amz-meta-uuid": "14365123651274"}, ["starts-with", "$x-amz-meta-tag", ""] ] }

此策略要求以下内容:

  • 上传必须在 2007 年 12 月 1 日 12:00 GMT 之前进行。

  • 内容必须上传到 awsexamplebucket1 存储桶。

  • 键必须以“user/eric/”开头。

  • ACL 必须设置为公共读取。

  • success_action_redirect 设置为 https://awsexamplebucket1.s3.us-west-1.amazonaws.com/new_post.html。

  • 对象是 HTML 文本。

  • x-amz-meta-uuid 标签必须设置为 14365123651274。

  • x-amz-meta-tag 可以包含任意值。

下面是此策略的 Base64 编码版本。

eyAiZXhwaXJhdGlvbiI6ICIyMDA3LTEyLTAxVDEyOjAwOjAwLjAwMFoiLAogICJjb25kaXR pb25zIjogWwogICAgeyJidWNrZXQiOiAiam9obnNtaXRoIn0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci9lcmljLyJd LAogICAgeyJhY2wiOiAicHVibGljLXJlYWQifSwKICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL2pvaG5zbWl0a C5zMy5hbWF6b25hd3MuY29tL25ld19wb3N0Lmh0bWwifSwKICAgIFsiZXEiLCAiJENvbnRlbnQtVHlwZSIsICJ0ZXh0L2h0bWwiXSwKI CAgIHsieC1hbXotbWV0YS11dWlkIjogIjE0MzY1MTIzNjUxMjc0In0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiR4LWFtei1tZXRhLXRhZy IsICIiXQogIF0KfQo=

使用您的凭证创建签名。例如,qA7FWXKq6VvU68lI9KdveT1cWgF= 是先前的策略文档的签名。

以下表单支持针对使用此策略的 DOC-EXAMPLE-BUCKET 桶提出的 POST 请求。

<html> <head> ... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> ... </head> <body> ... <form action="https://DOC-EXAMPLE-BUCKET.s3.us-west-1.amazonaws.com/" method="post" enctype="multipart/form-data"> Key to upload: <input type="input" name="key" value="user/eric/" /><br /> <input type="hidden" name="acl" value="public-read" /> <input type="hidden" name="success_action_redirect" value="https://awsexamplebucket1.s3.us-west-1.amazonaws.com/new_post.html" /> <input type="hidden" name="Content-Type" value="text/html" /> <input type="hidden" name="x-amz-meta-uuid" value="14365123651274" /> Tags for File: <input type="input" name="x-amz-meta-tag" value="" /><br /> <input type="hidden" name="AWSAccessKeyId" value="AKIAIOSFODNN7EXAMPLE" /> <input type="hidden" name="Policy" value="POLICY" /> <input type="hidden" name="Signature" value="SIGNATURE" /> Entry: <textarea name="file" cols="60" rows="10"> Your blog post goes here. </textarea><br /> <!-- The elements after this will be ignored --> <input type="submit" name="submit" value="Upload to Amazon S3" /> </form> ... </html>

示例请求

此请求假设上传的图像为 117,108 字节;不包括图像数据。

POST / HTTP/1.1 Host: awsexamplebucket1.s3.us-west-1.amazonaws.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.10) Gecko/20071115 Firefox/2.0.0.10 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Content-Type: multipart/form-data; boundary=178521717625888 Content-Length: 118635 -178521717625888 Content-Disposition: form-data; name="key" ser/eric/NewEntry.html --178521717625888 Content-Disposition: form-data; name="acl" public-read --178521717625888 Content-Disposition: form-data; name="success_action_redirect" https://awsexamplebucket1.s3.us-west-1.amazonaws.com/new_post.html --178521717625888 Content-Disposition: form-data; name="Content-Type" text/html --178521717625888 Content-Disposition: form-data; name="x-amz-meta-uuid" 14365123651274 --178521717625888 Content-Disposition: form-data; name="x-amz-meta-tag" Interesting Post --178521717625888 Content-Disposition: form-data; name="AWSAccessKeyId" AKIAIOSFODNN7EXAMPLE --178521717625888 Content-Disposition: form-data; name="Policy" eyAiZXhwaXJhdGlvbiI6ICIyMDA3LTEyLTAxVDEyOjAwOjAwLjAwMFoiLAogICJjb25kaXRpb25zIjogWwogICAgeyJidWNrZXQiOiAiam9obnNtaXRoIn0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci9lcmljLyJdLAogICAgeyJhY2wiOiAicHVibGljLXJlYWQifSwKICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL2pvaG5zbWl0aC5zMy5hbWF6b25hd3MuY29tL25ld19wb3N0Lmh0bWwifSwKICAgIFsiZXEiLCAiJENvbnRlbnQtVHlwZSIsICJ0ZXh0L2h0bWwiXSwKICAgIHsieC1hbXotbWV0YS11dWlkIjogIjE0MzY1MTIzNjUxMjc0In0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiR4LWFtei1tZXRhLXRhZyIsICIiXQogIF0KfQo= --178521717625888 Content-Disposition: form-data; name="Signature" qA7FWXKq6VvU68lI9KdveT1cWgF= --178521717625888 Content-Disposition: form-data; name="file" ...content goes here... --178521717625888 Content-Disposition: form-data; name="submit" Upload to Amazon S3 --178521717625888--

示例响应

HTTP/1.1 303 Redirect x-amz-request-id: 1AEE782442F35865 x-amz-id-2: cxzFLJRatFHy+NGtaDFRR8YvI9BHmgLxjvJzNiGGICARZ/mVXHj7T+qQKhdpzHFh Content-Type: application/xml Date: Wed, 14 Nov 2007 21:21:33 GMT Connection: close Location: https://awsexamplebucket1.s3.us-west-1.amazonaws.com/new_post.html?bucket=awsexamplebucket1&key=user/eric/NewEntry.html&etag=40c3271af26b7f1672e41b8a274d28d4 Server: AmazonS3